Step 0:

Step 1: Set EC2ReadOnly Group

In IAM Management Console, create a EC2ReadOnlyGroup Group, by clicking on the “Create a New Group of Users” button.

Step 2: Set EC2ReadOnly Policy

Select Amazon EC2 Read Only Access during Permissions step.

Step 3: Set EC2ReadOnly User

Create a specific EC2readOnlyUser during Users step.

Step 4: Generate Group, Policy, User and Credentials

Review and confirm the creation of the Group and User, and the generation of the EC2 Credentials for this user.

Step 5: Save Credentials

Save you credentials by clicking on the “Download Credentials” button and start using them.

NB: Pay attention that if you do not download those credentials or use the show option to register them, you won’t be able to retrieve them and you will have to regenerate new credentials.

Step 6: To go Further and finely tune your Policy

During Permission step, you can use the Policy Generator to create the policy with the minimal requirement for your needs. As a security guy, I strongly advise to follow the principle of least privilege.